Kansas City Hospice Hit by BlackSuit Ransomware Attack

Incident Date: October 19, 2024

Overview

Title: Kansas City Hospice Hit by BlackSuit Ransomware Attack
Victim: Kansas City Hospice
Attacker: BlackSuit
Location: Kansas City, USA; Missouri, USA
First Reported: October 19, 2024

Ransomware Attack on Kansas City Hospice by BlackSuit Group

Kansas City Hospice & Palliative Care, a nonprofit organization renowned for its compassionate end-of-life care, has fallen victim to a ransomware attack by the notorious BlackSuit group. This incident highlights the vulnerabilities faced by healthcare providers, particularly those in the hospice sector, which are often targeted due to the critical nature of their services and data.

About Kansas City Hospice

Established in 1980, Kansas City Hospice & Palliative Care is a prominent nonprofit organization dedicated to providing comprehensive hospice and palliative care services. With approximately 200 staff members, the organization offers a range of services, including in-home care, inpatient care, symptom management, and family support. Its commitment to holistic care, addressing physical, emotional, and spiritual needs, distinguishes it in the healthcare industry. The organization is deeply rooted in the Kansas City community, engaging in educational initiatives and training programs for healthcare professionals.

Attack Overview

The ransomware attack was revealed when BlackSuit listed Kansas City Hospice on its dark web leak site on October 19. Upon detecting unusual activity, the hospice quickly initiated an investigation with third-party forensic specialists. Although certain systems were disrupted, the organization managed to maintain operations and has since achieved full recovery. The full scope of the data accessed remains undisclosed, and Kansas City Hospice has not confirmed any ransom demands publicly.

About BlackSuit Ransomware Group

BlackSuit, a successor to the Royal ransomware family, is known for its sophisticated tactics, including data exfiltration and extortion. The group employs a double extortion model, threatening to publish stolen data if ransoms are not paid. BlackSuit typically gains initial access through phishing emails, then disables antivirus software and exfiltrates data before deploying ransomware. Their ransom demands range from $1 million to $10 million, with payments usually requested in Bitcoin.

Potential Vulnerabilities

Healthcare organizations like Kansas City Hospice are particularly vulnerable to ransomware attacks due to the sensitive nature of their data and the critical services they provide. The reliance on digital systems for patient care and data management makes them attractive targets for threat actors like BlackSuit. The attack underscores the importance of effective cybersecurity measures to protect against such threats.
